Bradford Networks’ Network Sentry Ensures Secure Network Access at the Medical University of South Carolina

A unique combination of hospital, academic institution and research center, the Medical University of South Carolina (MUSC) understands the importance of Network Access Control (NAC). With 15,500 students and employees requiring secure access in more than 100 buildings across a 26-acre campus, it was critical that MUSC know who and what was connecting to the network at all times.

Highlights

Network Profile:

Wired and wireless access across a 26-acre campus with more than 100 buildings and 30 WAN sites; 15,500 students and employees

Challenges:

Automate network security to ensure that only authorized users access the network and that all endpoint devices comply with policies

Automatically registers devices, including infrastructure equipment and medical devices that are normally difficult to register

Fewer personnel needed to resolve issues

Ensures compliance with HIPAA, JCAHO and PCI mandates

Case Study

With unrestricted access threatening network security and compliance, MUSC had been evaluating NAC solutions for some time. The IT team determined they needed a scalable, flexible solution that would be unobtrusive to users. “We needed to balance high availability with minimal end-user impact. Ensuring excellent patient care is paramount, and disrupting the use of any medical device could be problematic,” explains Michael Haschker, network systems team lead at MUSC.

In addition to common devices such as laptops, iPads and smartphones, MUSC requires network connectivity for medical devices, such as IV pumps, which are moved from room to room across the 700-bed facility yet must be connected to the appropriate VLAN at each location.

“We wanted a solution that could integrate into our environment without requiring reconfiguration or upgrades,” says Patrick Lazorchak, MUSC network engineer. “It needed to be compatible with our existing multivendor technology so that we would have the flexibility to deploy whatever infrastructure components work best.”

MUSC evaluated a number of products, but a pilot of Network Sentry from Bradford Networks convinced them that it was the best choice for their environment.

Bradford Networks’ Network Sentry the Clear Choice

With Network Sentry, MUSC has a better understanding of who is connected to their network, and can restrict access to authorized users. Network Sentry has also minimized the time and effort required to identify users and devices, so fewer personnel are needed to resolve issues. “With Network Sentry, tasks that used to require six staff members now can be completed by two,” says Michael.

MUSC also relies on Network Sentry to identify devices and automate registration, including thousands of managed machines and headless devices—printers, IP cameras, and medical devices—that lack a user interface and are challenging to register. “For years we had a problem ensuring appropriate access for portable EEG machines,” Michael explains. “Now with Network Sentry, when an EEG machine is plugged in, it is automatically assigned to the right VLAN no matter what port it’s in.”

Network Sentry Provides Valuable Insight, Ensures Policy Enforcement

MUSC credits Network Sentry with providing valuable insight into the software installed on each device and helping enforce endpoint policy. “It allows us to generate reports that highlight our vulnerabilities,” Patrick says. “We learn where our risks lie, how serious they are, and what the most effective resolution would be.”

Network Sentry also provides feedback to users. If a device is out of compliance, it’s moved to an isolation network, and the user is notified as to why access was limited and how to correct the problem. “In the past, identifying a non-compliant device would force us to shut down all related switches manually,” Patrick adds. “Rather than brute force, Network Sentry allows both staff and users to address problems quickly and easily.”

Increases In Security, Compliance

Network Sentry has helped MUSC meet critical HIPAA, JCAHO and PCI compliance requirements. “Before Network Sentry, we didn’t know about many of the credit-card readers that were transmitting data over our network,” says Michael. “Network Sentry allowed us to create a policy to ensure we were meeting compliance requirements.”

Bradford Networks - BYOD

Bradford Networks offers the best solution to enable secure network access for corporate-issued and personal mobile devices. The company's flexible Network Sentry platform is the first network security offering that can automatically identify and profile all devices and all users on a network, providing complete visibility and control. Unlike vendor-specific network security products, Network Sentry provides a view across all brands of network equipment and connecting devices, eliminating the network blind spots that can introduce risk.

Bradford Networks - Network Sentry/RTR

Network Sentry/RTR minimizes a threat's impact and the response time for remediation. Network Sentry/RTR leverages its unique Live Inventory of Network Connections (LINC) to automatically correlate high fidelity security alerts from the leading firewall and Advanced Threat Detection solutions, including FireEye, Fortinet, and Palo Alto Networks, with detailed contextual information on compromised endpoints, users and applications. Once identified, Network Sentry/RTR triggers an automated response, based on the severity and business criticality of the incident, to contain compromised devices in real time. Network Sentry/RTR also provides detailed historical information on all network connections, giving security experts unprecedented forensics to help fully understand and investigate the threat's methodology, lifecycle and scope.

Bradford Networks Pitches a Perfect Game for the Miami Marlins

Marlins Park is the spectacular new home of the Miami Marlins baseball team.

Throughout the ballpark there are thousands of different IP devices that are used to run the facility and venue events - including ATM machines, televisions and menu boards, LED display boards, point of sale terminals, sound systems, as well as PCs and laptops used by Marlins staff. For each game there can also be anywhere from 20 to 80 radio and television station personnel who need network access in order to broadcast the games. In addition to the sheer volume and variety, equipment is constantly being added and moved around the ballpark.